📣 Ransomwhere now has over $1 billion in payments, making it the first public ransomware payments dataset over a billion dollars.
Access the dataset here: https://t.co/lBxHWCQTXq
Read the latest research: https://t.co/mZvwAjMORj
5 addresses from Akira and Black Basta #ransomware representing $1.8 million in payments have been added to Ransomwhere. Access at https://t.co/xeLnspSqpF
Ransomwhere has been updated with over $80 million in newly-attributed Conti payments, increasing the amount of publicly known Conti payments to over $100 million.
Access the data via https://t.co/aVwOnKNyo6 or https://t.co/fl9hf2tobr.
Excited to share new research with Ian Gray, Ben Brown, Vlad Cuiujuclu and Damon McCoy.
This is the first in-depth peer-reviewed research into the Conti leaks. We mapped over $80 million in new payments to Conti.
Read the paper: https://t.co/ISPAgBI7CZ
Some takeaways 🧵
Excited to share new research with Ian Gray, Ben Brown, Vlad Cuiujuclu and Damon McCoy.
This is the first in-depth peer-reviewed research into the Conti leaks. We mapped over $80 million in new payments to Conti.
Read the paper: https://t.co/ISPAgBI7CZ
Some takeaways 🧵
Based on more complete Censys and Shodan data:
• A total of 1,252 servers have been infected by the new version of ESXiArgs
• Of these, 1,168 are reinfections
• The new version now represents 83% of live infections
Patch and/or disconnect ESXi ASAP if you have not already.
Based on Shodan data, Ransomwhere has observed 894 IP addresses displaying the new ESXiArgs ransom note.
Only 85 of these IP addresses appear to be new, meaning that the remaining 809 are reinfections -- and may now be unable to recover files.
https://t.co/bcT4VIMZ8H
Based on more complete Censys and Shodan data:
• A total of 1,252 servers have been infected by the new version of ESXiArgs
• Of these, 1,168 are reinfections
• The new version now represents 83% of live infections
Patch and/or disconnect ESXi ASAP if you have not already.
🚨We released an ESXiArgs ransomware recovery script on GitHub to allow organizations to attempt recovery of virtual machines affected by the ESXiArgs ransomware attacks: https://t.co/cXpP1m03yw #StopRansomware
Ransomwhere has compiled a list of > 1,700 ransomware payment addresses used in the ESXi Nevada ransomware attacks, sourced from Censys and Shodan data.
2 payments worth $58k have been made so far. We will keep this updated.
https://t.co/SROmwkJgOz
Ransomwhere has obtained an additional 1,092 addresses courtesy of historical @censysio data, for a total of 2,803 payment addresses.
4 total payments have been made to date for a total of $88k.
https://t.co/SROmwkJgOz
CISA has released a script to allow organizations to attempt recovery from the ESXiArgs ransomware attempt. Any PRs or issues are encouraged!
Download the script here: https://t.co/OiIbYvyK3S
Days like these make working in government worth it.
Ransomwhere has obtained an additional 1,092 addresses courtesy of historical @censysio data, for a total of 2,803 payment addresses.
4 total payments have been made to date for a total of $88k.
https://t.co/SROmwkJgOz
Ransomwhere has compiled a list of > 1,700 ransomware payment addresses used in the ESXi Nevada ransomware attacks, sourced from Censys and Shodan data.
2 payments worth $58k have been made so far. We will keep this updated.
https://t.co/SROmwkJgOz
@censysio Addresses that have received payments:
19dCNXkarAedQhhF3SJsHRAMP7T6bVdKBs
bc1q46zs36ey53lem5qv2pryumtmdtmtr352fdk4pj
1NGaBgyQCyNHfeYAtGumzz5HDZpqL39o2M
1FJ4xoPrBzZh7QsVcQqESZSMpPmCuKv3cC
@censysio Addresses that have received payments:
19dCNXkarAedQhhF3SJsHRAMP7T6bVdKBs
bc1q46zs36ey53lem5qv2pryumtmdtmtr352fdk4pj
1NGaBgyQCyNHfeYAtGumzz5HDZpqL39o2M
1FJ4xoPrBzZh7QsVcQqESZSMpPmCuKv3cC
$60M in ransomware payments to the Cuba ransomware group have been added to https://t.co/lBxHWCyKJi. This makes Cuba the highest grossing ransomware group on the site (likely due to having more complete data around the group from FBI & CISA).
Source: https://t.co/sf2Fj6gH88